Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed. Video game software development firm Unity Technologies revealed that malicious code on its SpeedTree website skimmed sensitive information from hundreds of customers, impacting users who accessed the compromised site. The company discovered on August 26, 2025, the presence […]

Unity Technologies

Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed.

Video game software development firm Unity Technologies revealed that malicious code on its SpeedTree website skimmed sensitive information from hundreds of customers, impacting users who accessed the compromised site.

The company discovered on August 26, 2025, the presence of malicious code on the checkout page of its SpeedTree website since March 13, 2025. The code could capture customer data entered during purchases. After the discovery of the code the company launched an investigation, disabled the website, and removed the code.

“Our investigation determined that the incident involved an unauthorized code that had been added to the check-out page of the SpeedTree website around March 13, 2025. We promptly removed this code upon its discovery on August 26, 2025.” reads the data breach notification shared with the Maine Attorney General. “This unauthorized code potentially allowed an unauthorized individual to capture information entered during the checkout process on the SpeedTree product page.”

Customers who purchased from the SpeedTree website between March 13 and August 26, 2025, may have had data such as name, address, email, credit card number, and access code exposed due to malicious code active on the checkout page during that period.

According to the data breach notification letter, the total number of affected persons is 428.

In response to the incident, the company secured its network, reviewed affected files, notified impacted clients and authorities. Unity Technologies is offering 12 months of free credit monitoring and identity protection through Equifax to help safeguard affected individuals’ information.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Unity Technologies)